From 47819ea70dae44c72e6bec7cef4736a957c7a397 Mon Sep 17 00:00:00 2001
From: Lance McCarthy
Date: Mon, 16 Dec 2024 08:52:41 -0500
Subject: [PATCH 1/3] Improve GHSA-6q8c-85p2-954c
---
 .../GHSA-6q8c-85p2-954c.json | 52 +++++++++++++++++--
 1 file changed, 49 insertions(+), 3 deletions(-)
diff --git a/advisories/unreviewed/2024/09/GHSA-6q8c-85p2-954c/GHSA-6q8c-85p2-954c.json b/advisories/unreviewed/2024/09/GHSA-6q8c-85p2-954c/GHSA-6q8c-85p2-954c.json
index 874b8ded2d151..6561013b83076 100644
--- a/advisories/unreviewed/2024/09/GHSA-6q8c-85p2-954c/GHSA-6q8c-85p2-954c.json
+++ b/advisories/unreviewed/2024/09/GHSA-6q8c-85p2-954c/GHSA-6q8c-85p2-954c.json
@@ -1,19 +1,65 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-6q8c-85p2-954c",
- "modified": "2024-09-25T15:31:13Z",
+ "modified": "2024-09-25T15:31:19Z",
 "published": "2024-09-25T15:31:12Z",
 "aliases": [
 "CVE-2024-8316"
 ],
- "details": "In Progress Telerik UI for WPF versions prior to 2024 Q3 (2024.3.924), a code execution attack is possible through an insecure deserialization vulnerability.",
+ "summary": "Completion of GHSA-6q8c-85p2-954c",
+ "details": "In Progress Telerik UI for WPF versions prior to 2024 Q3 (2024.3.924), a code execution attack is possible through an insecure deserialization vulnerability. For more information, visit the associated knowledgebase article => https://docs.telerik.com/devtools/wpf/knowledge-base/unsafe-deserialization-cve-2024-8316.\n\n",
 "severity": [
 {
 "type": "CVSS_V3",
 "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
 }
 ],
- "affected": [],
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "NuGet",
+ "name": "Telerik.UI.for.Wpf.*"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "2024.3.924"
+ }
+ ]
+ }
+ ],
+ "database_specific": {
+ "last_known_affected_version_range": "<= 2024.3.806"
+ }
+ },
+ {
+ "package": {
+ "ecosystem": "NuGet",
+ "name": "Telerik.Windows.Controls.Diagrams.for.Wpf.*"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "2024.3.924"
+ }
+ ]
+ }
+ ],
+ "database_specific": {
+ "last_known_affected_version_range": "<= 2024.3.806"
+ }
+ }
+ ],
 "references": [
 {
 "type": "ADVISORY",
From a3ac682a78e43a883b80dc56300e72dabe9943dd Mon Sep 17 00:00:00 2001
From: Lance McCarthy
Date: Tue, 17 Dec 2024 12:04:49 -0500
Subject: [PATCH 2/3] Update GHSA-6q8c-85p2-954c.json
---
 .../GHSA-6q8c-85p2-954c.json | 316 +++++++++++++++++-
 1 file changed, 312 insertions(+), 4 deletions(-)
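Review bot: The added `"summary": "Completion of GHSA-6q8c-85p2-954c"` describes the edit, not the vulnerability, while OSV defines `summary` as a one-line description of the issue itself. A reader triaging from the title alone learns nothing about the product or the flaw. Something along the lines of `"summary": "Progress Telerik UI for WPF: code execution through insecure deserialization"` would match the `details` text. The `@@ -7,7 +7,7 @@` hunk of patch 3/3 still carries this line as unchanged context, so the placeholder survives the whole series.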
diff --git a/advisories/unreviewed/2024/09/GHSA-6q8c-85p2-954c/GHSA-6q8c-85p2-954c.json b/advisories/unreviewed/2024/09/GHSA-6q8c-85p2-954c/GHSA-6q8c-85p2-954c.json
index 6561013b83076..dac035ae7b2df 100644
--- a/advisories/unreviewed/2024/09/GHSA-6q8c-85p2-954c/GHSA-6q8c-85p2-954c.json
+++ b/advisories/unreviewed/2024/09/GHSA-6q8c-85p2-954c/GHSA-6q8c-85p2-954c.json
@@ -18,14 +18,14 @@
 {
 "package": {
 "ecosystem": "NuGet",
- "name": "Telerik.UI.for.Wpf.*"
+ "name": "Telerik.Windows.Controls.Diagrams.for.Wpf"
 },
 "ranges": [
 {
 "type": "ECOSYSTEM",
 "events": [
 {
- "introduced": "0"
+ "introduced": "2016.3.1024"
 },
 {
 "fixed": "2024.3.924"
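Review bot: The package IDs in this hunk and in the following `@@ -40,14 +40,322 @@` hunk are all filed under `"ecosystem": "NuGet"`, but nothing in the diff shows that they resolve on the public NuGet registry rather than only on a vendor-hosted feed. If they are private-feed IDs, tooling that matches advisories against the public registry may never raise an alert for them, so it is worth confirming each name before the advisory is reviewed. The same `"introduced": "2016.3.1024"` lower bound is also applied to every entry, including `Telerik.UI.for.Wpf.60` and `Telerik.UI.for.Wpf.80`. An early bound is harmless for matching, but it looks copied rather than checked per package.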
@@ -40,14 +40,322 @@
 {
 "package": {
 "ecosystem": "NuGet",
- "name": "Telerik.Windows.Controls.Diagrams.for.Wpf.*"
+ "name": "Telerik.Windows.Controls.Diagrams.for.Wpf.Xaml"
 },
 "ranges": [
 {
 "type": "ECOSYSTEM",
 "events": [
 {
- "introduced": "0"
+ "introduced": "2016.3.1024"
+ },
+ {
+ "fixed": "2024.3.924"
+ }
+ ]
+ }
+ ],
+ "database_specific": {
+ "last_known_affected_version_range": "<= 2024.3.806"
+ }
+ },
+ {
+ "package": {
+ "ecosystem": "NuGet",
+ "name": "Telerik.Windows.Controls.Diagrams.Extensions.for.Wpf"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "2016.3.1024"
+ },
+ {
+ "fixed": "2024.3.924"
+ }
+ ]
+ }
+ ],
+ "database_specific": {
+ "last_known_affected_version_range": "<= 2024.3.806"
+ }
+ },
+ {
+ "package": {
+ "ecosystem": "NuGet",
+ "name": "Telerik.Windows.Controls.Diagrams.Extensions.for.Wpf.Xaml"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "2016.3.1024"
+ },
+ {
+ "fixed": "2024.3.924"
+ }
+ ]
+ }
+ ],
+ "database_specific": {
+ "last_known_affected_version_range": "<= 2024.3.806"
+ }
+ },
+ {
+ "package": {
+ "ecosystem": "NuGet",
+ "name": "Telerik.Windows.Controls.Diagrams.Ribbon.for.Wpf"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "2016.3.1024"
+ },
+ {
+ "fixed": "2024.3.924"
+ }
+ ]
+ }
+ ],
+ "database_specific": {
+ "last_known_affected_version_range": "<= 2024.3.806"
+ }
+ },
+ {
+ "package": {
+ "ecosystem": "NuGet",
+ "name": "Telerik.Windows.Controls.Diagrams.Ribbon.for.Wpf.Xaml"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "2016.3.1024"
+ },
+ {
+ "fixed": "2024.3.924"
+ }
+ ]
+ }
+ ],
+ "database_specific": {
+ "last_known_affected_version_range": "<= 2024.3.806"
+ }
+ },
+ {
+ "package": {
+ "ecosystem": "NuGet",
+ "name": "Telerik.Windows.Diagrams.Core.for.Wpf"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "2016.3.1024"
+ },
+ {
+ "fixed": "2024.3.924"
+ }
+ ]
+ }
+ ],
+ "database_specific": {
+ "last_known_affected_version_range": "<= 2024.3.806"
+ }
+ },
+ {
+ "package": {
+ "ecosystem": "NuGet",
+ "name": "Telerik.Windows.Diagrams.Core.for.Wpf.Xaml"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "2016.3.1024"
+ },
+ {
+ "fixed": "2024.3.924"
+ }
+ ]
+ }
+ ],
+ "database_specific": {
+ "last_known_affected_version_range": "<= 2024.3.806"
+ }
+ },
+ {
+ "package": {
+ "ecosystem": "NuGet",
+ "name": "Telerik.UI.for.Wpf.462"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "2016.3.1024"
+ },
+ {
+ "fixed": "2024.3.924"
+ }
+ ]
+ }
+ ],
+ "database_specific": {
+ "last_known_affected_version_range": "<= 2024.3.806"
+ }
+ },
+ {
+ "package": {
+ "ecosystem": "NuGet",
+ "name": "Telerik.UI.for.Wpf.462.Xaml"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "2016.3.1024"
+ },
+ {
+ "fixed": "2024.3.924"
+ }
+ ]
+ }
+ ],
+ "database_specific": {
+ "last_known_affected_version_range": "<= 2024.3.806"
+ }
+ },
+ {
+ "package": {
+ "ecosystem": "NuGet",
+ "name": "Telerik.UI.for.Wpf.60"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "2016.3.1024"
+ },
+ {
+ "fixed": "2024.3.924"
+ }
+ ]
+ }
+ ],
+ "database_specific": {
+ "last_known_affected_version_range": "<= 2024.3.806"
+ }
+ },
+ {
+ "package": {
+ "ecosystem": "NuGet",
+ "name": "Telerik.UI.for.Wpf.60.Xaml"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "2016.3.1024"
+ },
+ {
+ "fixed": "2024.3.924"
+ }
+ ]
+ }
+ ],
+ "database_specific": {
+ "last_known_affected_version_range": "<= 2024.3.806"
+ }
+ },
+ {
+ "package": {
+ "ecosystem": "NuGet",
+ "name": "Telerik.UI.for.Wpf.80"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "2016.3.1024"
+ },
+ {
+ "fixed": "2024.3.924"
+ }
+ ]
+ }
+ ],
+ "database_specific": {
+ "last_known_affected_version_range": "<= 2024.3.806"
+ }
+ },
+ {
+ "package": {
+ "ecosystem": "NuGet",
+ "name": "Telerik.UI.for.Wpf.80.Xaml"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "2016.3.1024"
+ },
+ {
+ "fixed": "2024.3.924"
+ }
+ ]
+ }
+ ],
+ "database_specific": {
+ "last_known_affected_version_range": "<= 2024.3.806"
+ }
+ },
+ {
+ "package": {
+ "ecosystem": "NuGet",
+ "name": "Telerik.UI.for.Wpf.AllControls"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "2016.3.1024"
+ },
+ {
+ "fixed": "2024.3.924"
+ }
+ ]
+ }
+ ],
+ "database_specific": {
+ "last_known_affected_version_range": "<= 2024.3.806"
+ }
+ },
+ {
+ "package": {
+ "ecosystem": "NuGet",
+ "name": "Telerik.UI.for.Wpf.AllControls.Xaml"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "2016.3.1024"
 },
 {
 "fixed": "2024.3.924"
From 645a5c08ce33943ecb0c60708e9d831c62e68e7e Mon Sep 17 00:00:00 2001
From: Lance McCarthy
Date: Tue, 17 Dec 2024 12:42:42 -0500
Subject: [PATCH 3/3] Update GHSA-6q8c-85p2-954c.json
---
 .../2024/09/GHSA-6q8c-85p2-954c/GHSA-6q8c-85p2-954c.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/advisories/unreviewed/2024/09/GHSA-6q8c-85p2-954c/GHSA-6q8c-85p2-954c.json b/advisories/unreviewed/2024/09/GHSA-6q8c-85p2-954c/GHSA-6q8c-85p2-954c.json
index dac035ae7b2df..0e882fa1952df 100644
--- a/advisories/unreviewed/2024/09/GHSA-6q8c-85p2-954c/GHSA-6q8c-85p2-954c.json
+++ b/advisories/unreviewed/2024/09/GHSA-6q8c-85p2-954c/GHSA-6q8c-85p2-954c.json
@@ -7,7 +7,7 @@
 "CVE-2024-8316"
 ],
 "summary": "Completion of GHSA-6q8c-85p2-954c",
- "details": "In Progress Telerik UI for WPF versions prior to 2024 Q3 (2024.3.924), a code execution attack is possible through an insecure deserialization vulnerability. For more information, visit the associated knowledgebase article => https://docs.telerik.com/devtools/wpf/knowledge-base/unsafe-deserialization-cve-2024-8316.\n\n",
+ "details": "In Progress Telerik UI for WPF versions 2016 R3 (2016.3.1024) to 2024 Q3 (2024.3.924), a code execution attack is possible through an insecure deserialization vulnerability. For more information, visit the associated knowledgebase article => https://docs.telerik.com/devtools/wpf/knowledge-base/unsafe-deserialization-cve-2024-8316.",
 "severity": [
 {
 "type": "CVSS_V3",
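Review bot: The new `details` wording `versions 2016 R3 (2016.3.1024) to 2024 Q3 (2024.3.924)` reads as an inclusive range, which conflicts with the `"fixed": "2024.3.924"` events and the `"<= 2024.3.806"` bounds added earlier in this series. The replaced text said `prior to 2024 Q3 (2024.3.924)`, which left no doubt that 2024.3.924 is the patched release. Wording such as `versions from 2016 R3 (2016.3.1024) up to, but not including, 2024 Q3 (2024.3.924)` keeps the new lower bound without implying that the fixed build is still vulnerable.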